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Release Date 
2022/04/21 


Affected Projects 
Realtek AP-Router Jungle SDK 


Affected Versions 
rtl819x-SDK-v3.4.x Series 
rtl819x-SDK-v3.4T Series 
rtl819x-SDK-v3.4T-CT Series 


CVEID 
CVE-2022-29558 


Description 


(CVE-2022-29558) 


On Realtek Jungle SDK-based routers, a vulnerability exists in the router’s Boa HTTP web server 


that allows.commands injection in the formW1SiteSurvey function. A malicious POST request with a 


crafted wlanif value could allow a logged in attacker to execute arbitrary commands. 


The root cause of the vulnerability is insufficient validation on the receiving buffer. An attack can 


exploit the vulnerability by crafting arguments in a specific request and execute arbitrary commands. 


Vulnerability Type 
Improper Input Validation 


Attack Type 


Network 
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Access Vector 


Crafted arguments in a specific request 


Security Risk 
High 


Patch 
20220418 sdk _v3.4T-CT_patch for fix_attack_of_boa.zip 
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